Summary
| Detail | |||
|---|---|---|---|
| Vendor | Freedesktop | First view | 2017-05-30 |
| Product | Poppler | Last view | 2020-12-03 |
| Version | 0.51.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:freedesktop:poppler | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2020-12-03 | CVE-2020-27778 | A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. |
| 8.8 | 2019-09-05 | CVE-2018-21009 | Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. |
| 7.5 | 2019-08-01 | CVE-2019-14494 | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. |
| 6.5 | 2019-07-22 | CVE-2019-9959 | The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. |
| 8.8 | 2019-05-23 | CVE-2019-12293 | In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. |
| 6.5 | 2018-11-10 | CVE-2018-19149 | Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. |
| 6.5 | 2018-07-25 | CVE-2018-13988 | Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. |
| 5.5 | 2018-05-10 | CVE-2017-18267 | The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. |
| 7.8 | 2017-06-22 | CVE-2017-9776 | Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. |
| 6.5 | 2017-06-22 | CVE-2017-9775 | Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. |
| 5.5 | 2017-06-06 | CVE-2017-7515 | poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. |
| 5.5 | 2017-05-30 | CVE-2017-7511 | poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 30% (3) | CWE-190 | Integer Overflow or Wraparound |
| 20% (2) | CWE-476 | NULL Pointer Dereference |
| 20% (2) | CWE-125 | Out-of-bounds Read |
| 10% (1) | CWE-674 | Uncontrolled Recursion |
| 10% (1) | CWE-369 | Divide By Zero |
| 10% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2019-1010.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c8c7d35b83.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-9a29edb638.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-679f8aba03.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-12b934e224.nasl - Type: ACT_GATHER_INFO |
| 2018-12-10 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1393.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1110.nasl - Type: ACT_GATHER_INFO |
| 2018-11-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3140.nasl - Type: ACT_GATHER_INFO |
| 2018-08-15 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e1f03d1f72.nasl - Type: ACT_GATHER_INFO |
| 2018-01-18 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201801-17.nasl - Type: ACT_GATHER_INFO |
| 2018-01-08 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4079.nasl - Type: ACT_GATHER_INFO |
| 2017-10-09 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3440-1.nasl - Type: ACT_GATHER_INFO |
| 2017-10-02 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-902.nasl - Type: ACT_GATHER_INFO |
| 2017-09-11 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1230.nasl - Type: ACT_GATHER_INFO |
| 2017-09-11 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1229.nasl - Type: ACT_GATHER_INFO |
| 2017-09-05 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2551.nasl - Type: ACT_GATHER_INFO |
| 2017-09-05 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2550.nasl - Type: ACT_GATHER_INFO |
| 2017-09-01 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0147.nasl - Type: ACT_GATHER_INFO |
| 2017-09-01 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-2551.nasl - Type: ACT_GATHER_INFO |
| 2017-09-01 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-2550.nasl - Type: ACT_GATHER_INFO |
| 2017-08-31 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170830_poppler_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2017-08-31 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170830_poppler_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2017-08-31 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-2551.nasl - Type: ACT_GATHER_INFO |
| 2017-08-31 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-2550.nasl - Type: ACT_GATHER_INFO |
| 2017-08-30 | Name: The remote Debian host is missing a security update. File: debian_DLA-1074.nasl - Type: ACT_GATHER_INFO |
